Data Security and Cryptography
Download
Report
Transcript Data Security and Cryptography
Data Security and Cryptography
•
•
•
•
•
Legal data protection
Risk analysis and IT Baseline Protection
Data security
Cryptography
Smart card
Worzyk
FH Anhalt
Telemedizin WS 08/09
Data Security 1
Data Security and Cryptography
Data protection, Privacy (legal)
Protection of personal data
Protection of persons against not authorized processing of data
concerning that person
Data Security (technical)
Protection against
Loss, dammage
Not authorised reading, changing
Worzyk
FH Anhalt
Telemedizin WS 08/09
Data Security 2
Data protection
Legal data protection
interdiction with conditionally allowance
German Data Protection Act
Federal State Data Protection Act
special Data Protection Act :
Gesundheitsstrukturgesetz (health structure act)
Personalvertretungsgesetz (staff / workers council Data Protection Act )
Worzyk
FH Anhalt
Telemedizin WS 08/09
Data Security 3
Worzyk
FH Anhalt
Telemedizin WS 08/09
Data Security 4
Worzyk
FH Anhalt
Telemedizin WS 08/09
Data Security 5
Worzyk
FH Anhalt
Telemedizin WS 08/09
Data Security 6
Privacy failure - an example
The Hampshire hospital system provides a good example of the failure to fully address privacy
issues raised by information technology in the National Health Service (NHS). Because the
then health minister held the constituency of Winchester (in Hampshire), new information
technology systems were implemented more quickly there than elsewhere. These new
systems had the feature that all laboratory tests ordered by general practitioners were entered
into a hospital information system, which made them available to all staff on the wards and to
consultants in the outpatient department. The stated goal was to cut down on duplicate
testing; but the effect was that even highly sensitive matters such as HIV and pregnancy test
results were no longer restricted to a handful of people (the general practitioner, practice
secretary, the pathologist and the lab technician), but were widely available.
As with the London Ambulance Service, a timely warning of impending disaster was ignored, and
the system duly went live on schedule. A nurse who had had a test done by her general
practitioner complained to him after she found the result on the hospital system at
Basingstoke where she worked; this caused outrage among local general practitioners and
other medical staff, and may have contributed to the health minister's loss of his seat at the
1997 general election. The eventual outcome was that the relevant parts of the system were
turned off at some hospitals.
Worzyk
FH Anhalt
Telemedizin WS 08/09
Data Security 7
Data Security
safety requirements
Reproduction of destroyed data
complete, fast, consistent
Substitution of destroyed processes
Backup of destroyed hardware
Backup of programs
Protection of the communication
Not authorised reading, changing
Worzyk
FH Anhalt
Telemedizin WS 08/09
Data Security 8
IT Baseline Protection
Federal Office for Information Security
http://www.bsi.de/
Consulting of Federal- State- and Local authorities
http://www.bsi.de/english/index.htm
http://www.bsi.de/english/gstool/index.htm
Worzyk
FH Anhalt
Telemedizin WS 08/09
Data Security 9
Uninterruptable
Power supply
(UPS)
• Which devices shall be supplied?
–
–
–
–
Server
Disks
Clients
Network
• How long ?
– Only for shutdown
– Continue the appliations
Worzyk
FH Anhalt
Telemedizin WS 08/09
Data Security 10
emergency power supply
http://www.kabel-vereinigung.at/musterhaus/notstrom.htm
Stationärer Stromerzeuger 800 kVA
Für die Notstromversorgung eines Krankenhauses
http://www.bas-aggregate.de/FrameProdukte.htm
Worzyk
FH Anhalt
http://www.energiesparendes-krankenhaus.de/index.php?id=115
http://www.evk-mettmann.de/index.php?section=21
Telemedizin WS 08/09
Data Security 11
Our UPS
Server + Monitor 1kW
Disks 3*1.5 kW
USV ca. 7 kW for 15 Minutes
At a power failure the UPS signals an
interrupt to the CPU which shuts down
UPS must support the operating system!
Worzyk
FH Anhalt
Telemedizin WS 08/09
Data Security 12
Downtime
24 hours operation on 7 days means:
Time
between two
downtimes
1 day
1 week
1 month
1 year
Worzyk
FH Anhalt
Accepted downtime by system stability
99%
15 minutes
1 ½ hours
7 hours
3 ½ days
99,9%
1,5 minutes
10 minutes
¾ hours
8 ½ hours
99,99%
8 seconds
1 minutes
4 minutes
52 minutes
Telemedizin WS 08/09
Data Security 13
Causes of failure
Worzyk
FH Anhalt
Hardware and
operating systeme
20 %
Faulty application
programs
40%
Human failure
40%
Telemedizin WS 08/09
Data Security 14
attacks on the communication
Man-in-the-middle
the attacker makes independent connections with the victims and relays messages between them, making them believe that
they are talking directly to each other over a private connection when in fact the entire conversation is controlled by the
attacker.
Spoofing-Attacke
a situation in which one person or program successfully masquerades as another by falsifying data and thereby
gaining an illegitimate advantage
Denial-of-Service
make a computer resource unavailable to its intended users
Replay
data transmission is maliciously or fraudulently repeated or delayed
Combination of attacks
Worzyk
FH Anhalt
Telemedizin WS 08/09
Data Security 15
Protection against attacks
Firewall
Encryption
Authentication
non-repudiation
Reception control
Worzyk
FH Anhalt
Telemedizin WS 08/09
Data Security 16
Firewall
Computer between the internet and the local network. It
analyses the data stream and locks or opens the passage
depending on the services, addressee and sender.
Worzyk
FH Anhalt
Telemedizin WS 08/09
Data Security 17
Firewall
Local network
Internet
e.g. department
No access allowed
e.g.
library
All access allowed
firewall
local
Web
Server
Worzyk
FH Anhalt
e.g. department
certain access
allowed
Telemedizin WS 08/09
Data Security 18
encryption
Cryptology
Science of coding messages
Cryptography
Mapping a message on an incomprehensible text
Cryptoanalysis
Decryption of an incomprehensible text
Steganography
Hiding a message in a harmless text
Worzyk
FH Anhalt
Telemedizin WS 08/09
Data Security 19
Worzyk
FH Anhalt
Telemedizin WS 08/09
Data Security 20
Skytale
D
I
N
A
N
D
S
D
E
G
E
R
O
T
H
L
S
O
D
I
E
B
C
H
E
H
L
F
I
E
NIDDNAEDSREGHTOOSLEIDHCBLHEEIF
Worzyk
FH Anhalt
Telemedizin WS 08/09
Data Security 21
Cäsar Chiffre
DERSCHATZLIEGTINEINEMEISENKASTEN
ABCDEFGHIJKLMNOPQRSTUVWXYZ
ABCDEFGHIJKLMNOPQRSTUVWXYZ
FGTUEJCVBNKGVKPGKGOGKUGPMCUVGP
Worzyk
FH Anhalt
Telemedizin WS 08/09
Data Security 22
Cäsar Chiffre
Decoding by counting the frequency of letters
DERSCHATZLIEGTINEINEMEISENKASTEN
E
N
I
S
T
R
A
D
7
4
4
3
3
1
2
1
7
4
4
3
3
1
2
1
G
P
K
U
V
T
C
F
FGTUEJCVBNKGVKPGKGOGKUGPMCUVGP
Worzyk
FH Anhalt
Telemedizin WS 08/09
Data Security 23
Frequency of letters
Worzyk
FH Anhalt
german
ENISTRAD
english
ETANORI
french
ESIANTUR
Telemedizin WS 08/09
Data Security 24
Ciphering
symmetric key
Exchange of keys
Worzyk
FH Anhalt
Key
Key
plain text
Encryption
Cipher text
Decryption
plain text
Telemedizin WS 08/09
Data Security 25
Ciphering
asymmetric key
Certificate Authorities
Public key
Alice
Pub Bob
Private key
P Alice
Pub
Cipher text
Decryption
Pub Alice
Encryption
P Bob
Worzyk
FH Anhalt
Private key
P Bob
Pub Alice
Pub Bob
Plain Text
Bob
%&G(=
Plain
Text Plain Text
Telemedizin WS 08/09
Data Security 26
RSA-CIPHER
Rivest Shamir Aldeman
required: two prime numbers p,q
=> Public key (encrypt)
n = p*q
e relatively prime with (p-1)*(q-1)
Private Key
d
with d*e = 1 mod(p-1)*(q-1)
encrypt: c = me mod n
decrypt: m = cd mod n
Worzyk
FH Anhalt
Telemedizin WS 08/09
Data Security 27
RSA-Example
p = 47; q = 59; p*q = n = 2773
(p-1) * (q-1) = 46*58 = 2668
e*d = 1 mod 2668 <=> (e*d) / 2668 Rest 1
n = 2773; e = 17; d = 157
HALLO ... => 080112121500...
080117 mod 2773 = 2480
121217 mod 2773 = 2345
2480157 mod 2773 = 801
2345157 mod 2773 = 1212
Worzyk
FH Anhalt
Telemedizin WS 08/09
Data Security 28
RSA-CIPHER
time to decipher
The RSA Factoring Challenge
Digits
Bits
140
Year
Computer
Duration
cpu
1999
200; 300MHz
1 Monat
9 Jahre
37,5 Jahre
155
512
1999
300
3,7 Monate
160
530
2002
100
20 Tage
200
663
2005
80; 2.2 GHz
3 Monate
Worzyk
FH Anhalt
55 Jahre
Telemedizin WS 08/09
Data Security 29
Pretty Good Privacy
sending
Public key
of receiver
Private key
of sender
checksum
Digital
Signatur
Worzyk
FH Anhalt
Symmetric key
message
Random number
Encrypted
Random number
Encrypted
message
Telemedizin WS 08/09
Data Security 30
Pretty Good Privacy
receiving
Private key
of receiver
Public key
of sender
Digitale
Signatur
checksum
Encrypted
Random number
Symmetric
key
Random number
Encrypted
message
=?
Worzyk
FH Anhalt
checksum
message
Telemedizin WS 08/09
Data Security 31
Digital Signatur
procedure
Document
Document
Storage
Document
Hashfunktion
Hashfunktion
Checksum
Private key
Signatur
Worzyk
FH Anhalt
Signatur
Checksum
? Checksum
=
Public key
Signatur
Telemedizin WS 08/09
Data Security 32
Roles of a Signature
•
•
•
•
•
Closing
Identity
Authenticity
Evidence
Inhibition threshold
Worzyk
FH Anhalt
Telemedizin WS 08/09
Data Security 33
Regulation concerning
Digital Signatur
(Signaturverordnung
- SigV)
§ 16 Anforderungen an die technischen Komponenten
(1) Die zur Erzeugung von Signaturschlüsseln erforderlichen technischen
Komponenten müssen so beschaffen sein, daß ein Schlüssel mit an Sicherheit
grenzender Wahrscheinlichkeit nur einmal vorkommt und aus dem öffentlichen
Schlüssel nicht der private Schlüssel errechnet werden kann. Die Geheimhaltung
des privaten Schlüssels muß gewährleistet sein und er darf nicht dupliziert werden
können. Sicherheitstechnische Veränderungen an den technischen Komponenten
müssen für den Nutzer erkennbar werden.
Worzyk
FH Anhalt
Telemedizin WS 08/09
Data Security 34
Regulation concerning
Digital Signatur
The technical components which are necessary for the production of
signature keys must be in a condition that a key will appear only
once and that a private key can not be calculated from the public
key. The privacy of the private key must be ensured and it should
be not possible to dublicate the key. Safety-relevant changes in the
technical components must become recognizable for the user.
Worzyk
FH Anhalt
Telemedizin WS 08/09
Data Security 35
Realisation of SigG, SigV und SigRL
•
•
•
•
Linking the public key to its owner
Safe storage of the private key
Building of the digital signature in a safe environment
uniqueness of the key
http://www.bsi.bund.de/esig/index.htm
Worzyk
FH Anhalt
Telemedizin WS 08/09
Data Security 36
certificate
• A certificate links a public key to a specific person
• A reliable third party (Certification Authority - CA) signs these data
Serial number
Name of the owner
Public key of the owner
...
Signatur of CA
• The public key of the CA is known
Worzyk
FH Anhalt
Telemedizin WS 08/09
Data Security 37
Certification Authority
Die Erteilung von Genehmigungen und die Ausstellung von
Zertifikaten, die zum Signieren von Zertifikaten eingesetzt werden,
sowie die Überwachung der Einhaltung dieses Gesetzes und der
Rechtsverordnung nach § 16 obliegen der Behörde nach § 66 des
Telekommunikationsgesetzes
Bundesnetzagentur
http://www.nrca-ds.de/
Worzyk
FH Anhalt
Telemedizin WS 08/09
Data Security 38
Kinds of digital signatures
Simple Signature
• Sign under the document
• scanned signature
• elektronic business card
Uncontrolled use,
no authenticity
Worzyk
FH Anhalt
Telemedizin WS 08/09
Data Security 39
Kinds of digital signatures
advanced Signature
•
•
•
•
exclusively related to the key owner
Permits the identification of the key owner
Is generated under the exclusive control of the key owner
Is related to the signed data in that kind that subsequent change of
the data can be detected
• examples: PGP, Verisign, Sphinx
• May be used inhouse
Worzyk
FH Anhalt
Telemedizin WS 08/09
Data Security 40
Kinds of digital signatures Qualified Signature
without accreditation of provider
• advanced Signature with:
– A certificate which is valide at the time of signature
– Created with a safe program to create signature keys
• The provider registers at Bundesnetzagentur, but will not be
reviewed periodically
http://www.bundesnetzagentur.de/enid/2.html
Worzyk
FH Anhalt
Telemedizin WS 08/09
Data Security 41
Kinds of digital signatures Qualified Signature
without accreditation of provider
•
•
•
•
Qualified Signature
The provider will be checked by Bundesnetzagentur
Longterm reliability is ensured
The signature is equivalent to a signature by hand and the
opponent must prove that it is forged
Worzyk
FH Anhalt
Telemedizin WS 08/09
Data Security 42
Smart card for the
Digital Signatur
• tamper-proof and confidential storage
• security relevant operations are executed on the smart
card
• Simple transport and high availability
• Highly accepted
Worzyk
FH Anhalt
Telemedizin WS 08/09
Data Security 43
Smart card
Mikrocontroller
• CPU + Co-Prozessor (Crypto-Unit)
• RAM (~2k), ROM (~32k) und EEPROM (~32k .. 64k)
• I/O
Crypto
Unit
RAM
ROM
CPU
I/O
System
Worzyk
FH Anhalt
EEPROM
Telemedizin WS 08/09
Data Security 44
Data Security and Cryptography
•
•
•
•
•
•
Legal data protection
IT Baseline Protection
attacks on the communication
Symmetric - asymmetric encryption
Digital signature
Smart cards
Worzyk
FH Anhalt
Telemedizin WS 08/09
Data Security 45